Check: AIX7-00-002115
IBM AIX 7.x STIG:
AIX7-00-002115
(in versions v3 r1 through v1 r1)
Title
AIX must turn on SSH daemon reverse name checking. (Cat II impact)
Discussion
If reverse name checking is off, SSH may allow a remote attacker to circumvent security policies and attempt to or actually login from IP addresses that are not permitted to access resources.
Check Content
Check the SSH daemon configuration for the "VerifyReverseMapping" setting using command: # grep -i VerifyReverseMapping /etc/ssh/sshd_config | grep -v '^#' VerifyReverseMapping yes If the setting is not present or the setting is "no", this is a finding.
Fix Text
Edit the "/etc/sshd/sshd_config" file and add the following line: VerifyReverseMapping yes Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd
Additional Identifiers
Rule ID: SV-215298r991589_rule
Vulnerability ID: V-215298
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |